hackers

WASHINGTON (AP) — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org, that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

If you believe this video — and that’s a big if — the era of thought-controlled phones has begun. A pair of hobbyist hackers claim to have taken Siri, the iPhone 4S feature that obeys voice commands, and turned it into an app that obeys brainwave patterns.

“It works! It really works! It’s so freaking amazing,” Josh Evans and Ollie Hayward announced Tuesday on the blog they created to chronicle what they call “Project Black Mirror.”

In the accompanying YouTube video, Evans wears EEG pads on his forehead and squints in concentration. A circuit board attached to an iPhone on the table beeps shortly later, and a mechanical voice says “calling Graham,” the third member of the project, whose phone then rings.

The hackers explain that they used the EEG pads to record the “signature brain patterns” of 25 Siri-based commands. By pairing the signatures with the commands, they effectively create a brain pattern-to-voice dictionary.

The Anti-CSRF tokens generated by Facebook and other websites that want to keep their customers protected are being targeted by cybercriminals who can use them to temporarily take over an account.

Symantec researchers did a little digging on the matter and found a few cunning plots in which attackers try to dupe users into providing the highly desired codes.

Cross-site request forgery (CSRF) is an attack in which basically the victim’s active session is borrowed by the cyber masterminds to perform illegal operations. Once the security token is obtained, the attacker can do whatever he wants as the website’s server detects him as being legitimate.

Sesame Street’s YouTube channel was hacked today, leaving its normally family-friendly content replaced with pornographic content, according to a report on the tech blog The Next Web.

YouTube had the content removed in 22 minutes, according to the report, and as of this writing, the show’s channel has been replaced by a message saying it is unavailable.

YouTube representatives declined to comment on Sesame Street’s incident but said the removal of the content was in keeping with user guidelines.

“YouTube’s Community Guidelines prohibit graphic content,” a YouTube spokesperson said. “As always, we remove inappropriate material as soon as we are made aware of it.”

Hackers also altered the Sesame Street YouTube channel’s profile page to add the name MrEdxwx as the user, according to a screenshot posted by Naked Security. The profile also included the following message:

A hacking group known as TeaMp0isoN have published private information belonging to former Prime Minister Tony Blair.

TeaMp0isoN have been in the news recently for allegedly hacking into a web site they claimed belonged to a member of LulzSec.

This time they targeted a webmail server used by Tony Blair in December of 2010. It is unclear why they waited for so long to disclose the breach and there is no evidence as of yet to confirm their story.

Information on Mr. Blair’s friends and colleagues includes names, home addresses, home, work and cell phone numbers and email addresses. Additionally Mr. Blair’s National Insurance Number (NIN) and Ms. Kay’s CV (resume) are also included in the dump.

We don’t know what specific flaws were exploited in this attack, but seeing that it is a webmail server the most likely method was SQL injection. It is extremely important to keep web servers patched and up to date, especially if they are running Linux using commonly exploited CMSs, webmail solutions and blogging software.

This attack, like many we have reported on this year, appears to be politically motivated. The TeaMp0isoN attackers called Mr. Blair a war criminal in a Twitter post and much of the language used is derogatory.

It’s not such a happy time over at Sony these days thanks to the bull’s-eye on its back.

But why is Sony — a major player in the worlds of gaming, movies and music — suddenly in the crosshairs of hackers?

Sony’s reputation for aggressively trying to protect its intellectual property rights may provide some clues.

Purdue University security expert Gene Spafford, who testified before Congress about Sony’s security problems, said there are plenty of examples. He cited Sony banning users who modded their PlayStations, the infamous case of installing “rootkits” on PCs of users as copy control for CD, and lawsuits it has filed against the likes of George Hotz and Jammie Thomas.

Hotz, a hacker known for unlocking the iPhone, riled up Sony when he started a blog to document his progress hacking the PlayStation 3, which was regarded as being a locked and secure system. Thomas got caught up in a music piracy case, accused by the recording industry of sharing songs on the file-sharing site Kazaa.

“The image that has emerged from all this is that Sony is a rapacious corporation with no heart,” Spafford said. “Thus, it is not surprising that they might be a target for hackers.”

Fast-forward and you have the malicious attack on the PlayStation Network that compromised millions of user accounts and identities. And once word got out that Sony was not doing as good a job on the security side as it should be, the sharks could smell blood in the water.

Sony became snarled in almost constant attacks on all fronts, from phishing sites running on the servers of its Thai website to the most recent breaches by the merry hacksters known as LulzSec.

“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

This sounds like a broken record… Passwords and sensitive user details stored in plain text… Attackers using “a very simple SQL injection” to compromise a major media conglomerate.

Worst of all, the hackers are exposing over a million people to having their accounts compromised and identities stolen simply to make a political point.

The takeaway for the average internet user is clear. Don’t trust that your password is being securely stored and be sure to use a unique password for every website to limit your exposure if hacks like these occur.

I took a brief look at some of the information disclosed and many passwords used were things like “faithful”, “hockey”, “123456”, “freddie”, “123qaz” and “michael”.

Companies collecting information from their customers have a duty to protect that information as well.

In addition to employing proper encryption to protect against theft or loss, companies should work with reputable penetration testers to validate their security plans.

In an open letter sent to members of Congress this week, Sony Computer Entertainment boss Kaz Hirai has said that he cannot guarantee the PlayStation Network will not be hacked again despite new policy changes and added security measures.

Last month, Sony took down the PSN following multiple security breaches that left 101 million gamers with their personal data stolen including addresses, phone numbers and even credit cards.

Wrote Hirai:

No security system is absolutely foolproof, and changing conditions in the future can make a currently secure environment less secure.

These gaps in what we know are not for lack of trying by experts, but rather an unfortunate testament to the skill of those who perpetrated the attacks. Some aspects of the intrusion may never be known.

Sony has still not found the identities of the hackers except to subtly accuse the hacking group “Anonymous.”
